Changing Your Server Headers Using Varnish

Changing one’s server headers is both practical and fun. It’s a good idea to remove information that could help an attacker, and it’s also enjoyable to put interesting values in there and see who notices.

There are tons of ways of doing this, based on the server you use, but here’s a way to do it with Varnish.

Editing default.vcl

In Varnish, your default.vcl file contains the rules that govern your server responses. The vcl_deliver section further defines what goes out to clients.

By adjusting this section you can strip the values that were set by your backend web server, and substitute your own: